Authorize Argo Tunnel GET - domain.cert.pem (cert.pem)

[stevenanthonyrevo]

Trying to set up a tunnel with cert.pem however Cloudflare is forcing my browser to https://www.cloudflare.com/a/warp?callback=<some token> and I rather name my root SSL domain.com.pem format.

Is there a Cloudflare API request to download each .pem file by domain per account on Cloudflare?

[adamchalmers]

Hi! There isn't such an endpoint, but as a workaround, you can authorize cloudflared in the browser. Then when it downloads cert.pem, you can rename it yourzone.cert.pem

[stevenanthonyrevo]

Hi @adamchalmers! Can this endpoint be possibly created? it would be much easier for devices that cannot access the browser.

Generating a self-signed certificate by a single command with OpenSSL works but when your domain is connected to Cloudflare, the only option is downloading from a browser to access the .pem file.

CoreDNS looks to be implemented, any chance the DNS-to-HTTPS concept can be explained further. Why is there no need for any port forwarding for Cloudflare to provide access to SSL certs on a domain from a Host machine?

[chungthuang]

Hi @stevenanthonyrevo, Argo Tunnel works with an outbound model, meaning your cloudflared will connect to Cloudflare's edge network, and the origin certificate downloaded when you first run cloudflared login is used to prove ownership of a domain. Requests can only reach your origin from the outbound connections, so there is no need for port forwarding.

[stevenanthonyrevo]

@chungthuang Thanks for explaining the outbound model! cloudflared login will have to do.

Unfortunately, I don't have enough knowledge in the codebase to offer a PR. I'd enjoy seeing an endpoint later becoming available for developers to fully manage certs with the terminal only similar to Openssl self-hosted certs but with certs issued from the live dashboard on Cloudflare's website.